Compare commits
17 Commits
5c48f426a3
...
778318eed7
Author | SHA1 | Date |
---|---|---|
Raul Cheleguini | 778318eed7 | |
Ani Sinha | 4b356c90dc | |
Léane GRASSER | f28e16d14e | |
Yu Watanabe | 9e05e33871 | |
Lennart Poettering | 95116bdfd5 | |
Lennart Poettering | 2bd290ca02 | |
Yu Watanabe | 1e9fb1d456 | |
Yu Watanabe | 56c761f8c6 | |
Yu Watanabe | b76730f3fe | |
Yu Watanabe | 3dda236c5c | |
Zbigniew Jędrzejewski-Szmek | 5598454a3f | |
Yu Watanabe | 2994ca354b | |
Yu Watanabe | eb14b993bb | |
Christian Hesse | c946b13575 | |
Lennart Poettering | e39cbb1442 | |
Marco Tomaschett | bc4a027f9c | |
Raul Cheleguini | fb437dc7ab |
|
@ -953,6 +953,15 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
|
|||
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
||||
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||
|
||||
#########################################
|
||||
# Pine64
|
||||
#########################################
|
||||
|
||||
# PineTab2
|
||||
|
||||
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
|
||||
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
|
||||
|
||||
#########################################
|
||||
# Pipo
|
||||
#########################################
|
||||
|
|
24
meson.build
|
@ -1579,6 +1579,29 @@ conf.set('DEFAULT_DNS_OVER_TLS_MODE',
|
|||
'DNS_OVER_TLS_' + default_dns_over_tls.underscorify().to_upper())
|
||||
conf.set_quoted('DEFAULT_DNS_OVER_TLS_MODE_STR', default_dns_over_tls)
|
||||
|
||||
dns_over_https = get_option('dns-over-https')
|
||||
if dns_over_https != 'false'
|
||||
have = true
|
||||
if conf.get('HAVE_LIBCURL') == 0
|
||||
message('DNS-over-HTTPS support depends on libcurl, but dependencies are not available')
|
||||
have = false
|
||||
endif
|
||||
if conf.get('HAVE_OPENSSL') == 0
|
||||
message('openssl required, but not available')
|
||||
have = false
|
||||
endif
|
||||
endif
|
||||
conf.set10('ENABLE_DNS_OVER_HTTPS', have)
|
||||
|
||||
default_dns_over_https = get_option('default-dns-over-https')
|
||||
if default_dns_over_https != 'no' and conf.get('ENABLE_DNS_OVER_HTTPS') == 0
|
||||
message('default-dns-over-https cannot be enabled. Setting default-dns-over-https to no.')
|
||||
default_dns_over_https = 'no'
|
||||
endif
|
||||
conf.set('DEFAULT_DNS_OVER_HTTPS_MODE',
|
||||
'DNS_OVER_HTTPS_' + default_dns_over_https.underscorify().to_upper())
|
||||
conf.set_quoted('DEFAULT_DNS_OVER_HTTPS_MODE_STR', default_dns_over_https)
|
||||
|
||||
default_mdns = get_option('default-mdns')
|
||||
conf.set('DEFAULT_MDNS_MODE',
|
||||
'RESOLVE_SUPPORT_' + default_mdns.to_upper())
|
||||
|
@ -3002,6 +3025,7 @@ summary({
|
|||
'default compression method' : compression,
|
||||
'default DNSSEC mode' : default_dnssec,
|
||||
'default DNS-over-TLS mode' : default_dns_over_tls,
|
||||
'default DNS-over-HTTPS mode' : default_dns_over_https,
|
||||
'default mDNS mode' : default_mdns,
|
||||
'default LLMNR mode' : default_llmnr,
|
||||
'default DNS servers' : dns_servers.split(' '),
|
||||
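Review bot: `have` is assigned only inside `if dns_over_https != 'false'`, so when the option is `false` the following `conf.set10('ENABLE_DNS_OVER_HTTPS', have)` reads whatever an earlier block left in `have`. A build that explicitly disables DNS-over-HTTPS could therefore still end up with `ENABLE_DNS_OVER_HTTPS` set to 1 and libcurl added to the resolver's dependencies. Add an `else` branch with `have = false` before the outer `endif`, or initialise `have` unconditionally ahead of the dependency checks. Whether `have` is assigned earlier in the file is not visible in this hunk.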
|
|
|
@ -353,6 +353,10 @@ option('default-dns-over-tls', type : 'combo',
|
|||
description : 'default DNS-over-TLS mode',
|
||||
choices : ['yes', 'opportunistic', 'no'],
|
||||
value : 'no')
|
||||
option('default-dns-over-https', type : 'combo',
|
||||
description : 'default DNS-over-HTTPS mode',
|
||||
choices : ['yes', 'no'],
|
||||
value : 'no')
|
||||
option('default-mdns', type : 'combo',
|
||||
choices : ['yes', 'resolve', 'no'],
|
||||
description : 'default MulticastDNS mode',
|
||||
|
@ -363,6 +367,8 @@ option('default-llmnr', type : 'combo',
|
|||
value : 'yes')
|
||||
option('dns-over-tls', type : 'combo', choices : ['auto', 'gnutls', 'openssl', 'true', 'false'],
|
||||
description : 'DNS-over-TLS support')
|
||||
option('dns-over-https', type : 'combo', choices : ['true', 'false'],
|
||||
description : 'DNS-over-HTTPS support')
|
||||
option('dns-servers', type : 'string',
|
||||
description : 'space-separated list of default DNS servers',
|
||||
value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google')
|
||||
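Review bot: The new `dns-over-https` combo declares no `value`, and Meson then uses the first entry of `choices`, so the feature defaults to `'true'` at build time. Unlike `default-dns-over-https`, which is pinned to `'no'`, this compiles the new HTTP client path into the resolver on every build where libcurl and OpenSSL are found, without the builder asking for it. For a new network transport an explicit opt-in default is safer: add `value : 'false'` to the `option('dns-over-https', ...)` declaration.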
|
|
4
po/fr.po
|
@ -12,7 +12,7 @@ msgid ""
|
|||
msgstr ""
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
||||
"PO-Revision-Date: 2024-11-23 10:38+0000\n"
|
||||
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
||||
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
||||
"main/fr/>\n"
|
||||
|
@ -1258,7 +1258,7 @@ msgstr ""
|
|||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||
msgid "Manage optional features"
|
||||
msgstr "Gérer les fonctionnalités en option"
|
||||
msgstr "Gérer les fonctionnalités facultatives"
|
||||
|
||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||
msgid "Authentication is required to manage optional features"
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
#define AUTOFS_MIN_PROTO_VERSION 3
|
||||
#define AUTOFS_MAX_PROTO_VERSION 5
|
||||
|
||||
#define AUTOFS_PROTO_SUBVERSION 5
|
||||
#define AUTOFS_PROTO_SUBVERSION 6
|
||||
|
||||
/*
|
||||
* The wait_queue_token (autofs_wqt_t) is part of a structure which is passed
|
||||
|
|
|
@ -1121,6 +1121,9 @@ enum bpf_attach_type {
|
|||
|
||||
#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE
|
||||
|
||||
/* Add BPF_LINK_TYPE(type, name) in bpf_types.h to keep bpf_link_type_strs[]
|
||||
* in sync with the definitions below.
|
||||
*/
|
||||
enum bpf_link_type {
|
||||
BPF_LINK_TYPE_UNSPEC = 0,
|
||||
BPF_LINK_TYPE_RAW_TRACEPOINT = 1,
|
||||
|
@ -2851,7 +2854,7 @@ union bpf_attr {
|
|||
* **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**,
|
||||
* **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**,
|
||||
* **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**,
|
||||
* **TCP_BPF_RTO_MIN**.
|
||||
* **TCP_BPF_RTO_MIN**, **TCP_BPF_SOCK_OPS_CB_FLAGS**.
|
||||
* * **IPPROTO_IP**, which supports *optname* **IP_TOS**.
|
||||
* * **IPPROTO_IPV6**, which supports the following *optname*\ s:
|
||||
* **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**.
|
||||
|
@ -5519,11 +5522,12 @@ union bpf_attr {
|
|||
* **-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
|
||||
* invalid arguments are passed.
|
||||
*
|
||||
* void *bpf_kptr_xchg(void *map_value, void *ptr)
|
||||
* void *bpf_kptr_xchg(void *dst, void *ptr)
|
||||
* Description
|
||||
* Exchange kptr at pointer *map_value* with *ptr*, and return the
|
||||
* old value. *ptr* can be NULL, otherwise it must be a referenced
|
||||
* pointer which will be released when this helper is called.
|
||||
* Exchange kptr at pointer *dst* with *ptr*, and return the old value.
|
||||
* *dst* can be map value or local kptr. *ptr* can be NULL, otherwise
|
||||
* it must be a referenced pointer which will be released when this helper
|
||||
* is called.
|
||||
* Return
|
||||
* The old value of kptr (which can be NULL). The returned pointer
|
||||
* if not NULL, is a reference which must be released using its
|
||||
|
@ -6046,11 +6050,6 @@ enum {
|
|||
BPF_F_MARK_ENFORCE = (1ULL << 6),
|
||||
};
|
||||
|
||||
/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
|
||||
enum {
|
||||
BPF_F_INGRESS = (1ULL << 0),
|
||||
};
|
||||
|
||||
/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
|
||||
enum {
|
||||
BPF_F_TUNINFO_IPV6 = (1ULL << 0),
|
||||
|
@ -6197,10 +6196,12 @@ enum {
|
|||
BPF_F_BPRM_SECUREEXEC = (1ULL << 0),
|
||||
};
|
||||
|
||||
/* Flags for bpf_redirect_map helper */
|
||||
/* Flags for bpf_redirect and bpf_redirect_map helpers */
|
||||
enum {
|
||||
BPF_F_BROADCAST = (1ULL << 3),
|
||||
BPF_F_EXCLUDE_INGRESS = (1ULL << 4),
|
||||
BPF_F_INGRESS = (1ULL << 0), /* used for skb path */
|
||||
BPF_F_BROADCAST = (1ULL << 3), /* used for XDP path */
|
||||
BPF_F_EXCLUDE_INGRESS = (1ULL << 4), /* used for XDP path */
|
||||
#define BPF_F_REDIRECT_FLAGS (BPF_F_INGRESS | BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS)
|
||||
};
|
||||
|
||||
#define __bpf_md_ptr(type, name) \
|
||||
|
@ -7080,6 +7081,7 @@ enum {
|
|||
TCP_BPF_SYN = 1005, /* Copy the TCP header */
|
||||
TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */
|
||||
TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */
|
||||
TCP_BPF_SOCK_OPS_CB_FLAGS = 1008, /* Get or Set TCP sock ops flags */
|
||||
};
|
||||
|
||||
enum {
|
||||
|
@ -7512,4 +7514,13 @@ struct bpf_iter_num {
|
|||
__u64 __opaque[1];
|
||||
} __attribute__((aligned(8)));
|
||||
|
||||
/*
|
||||
* Flags to control BPF kfunc behaviour.
|
||||
* - BPF_F_PAD_ZEROS: Pad destination buffer with zeros. (See the respective
|
||||
* helper documentation for details.)
|
||||
*/
|
||||
enum bpf_kfunc_flags {
|
||||
BPF_F_PAD_ZEROS = (1ULL << 0),
|
||||
};
|
||||
|
||||
#endif /* __LINUX_BPF_H__ */
|
||||
|
|
|
@ -28,6 +28,23 @@
|
|||
#define _BITUL(x) (_UL(1) << (x))
|
||||
#define _BITULL(x) (_ULL(1) << (x))
|
||||
|
||||
#if !defined(__ASSEMBLY__)
|
||||
/*
|
||||
* Missing __asm__ support
|
||||
*
|
||||
* __BIT128() would not work in the __asm__ code, as it shifts an
|
||||
* 'unsigned __init128' data type as direct representation of
|
||||
* 128 bit constants is not supported in the gcc compiler, as
|
||||
* they get silently truncated.
|
||||
*
|
||||
* TODO: Please revisit this implementation when gcc compiler
|
||||
* starts representing 128 bit constants directly like long
|
||||
* and unsigned long etc. Subsequently drop the comment for
|
||||
* GENMASK_U128() which would then start supporting __asm__ code.
|
||||
*/
|
||||
#define _BIT128(x) ((unsigned __int128)(1) << (x))
|
||||
#endif
|
||||
|
||||
#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
|
||||
#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
|
||||
|
||||
|
|
|
@ -2531,4 +2531,20 @@ struct ethtool_link_settings {
|
|||
* __u32 map_lp_advertising[link_mode_masks_nwords];
|
||||
*/
|
||||
};
|
||||
|
||||
/**
|
||||
* enum phy_upstream - Represents the upstream component a given PHY device
|
||||
* is connected to, as in what is on the other end of the MII bus. Most PHYs
|
||||
* will be attached to an Ethernet MAC controller, but in some cases, there's
|
||||
* an intermediate PHY used as a media-converter, which will driver another
|
||||
* MII interface as its output.
|
||||
* @PHY_UPSTREAM_MAC: Upstream component is a MAC (a switch port,
|
||||
* or ethernet controller)
|
||||
* @PHY_UPSTREAM_PHY: Upstream component is a PHY (likely a media converter)
|
||||
*/
|
||||
enum phy_upstream {
|
||||
PHY_UPSTREAM_MAC,
|
||||
PHY_UPSTREAM_PHY,
|
||||
};
|
||||
|
||||
#endif /* _LINUX_ETHTOOL_H */
|
||||
|
|
|
@ -67,6 +67,7 @@ enum {
|
|||
FRA_IP_PROTO, /* ip proto */
|
||||
FRA_SPORT_RANGE, /* sport */
|
||||
FRA_DPORT_RANGE, /* dport */
|
||||
FRA_DSCP, /* dscp */
|
||||
__FRA_MAX
|
||||
};
|
||||
|
||||
|
|
|
@ -230,8 +230,8 @@ struct tpacket_hdr_v1 {
|
|||
* ts_first_pkt:
|
||||
* Is always the time-stamp when the block was opened.
|
||||
* Case a) ZERO packets
|
||||
* No packets to deal with but atleast you know the
|
||||
* time-interval of this block.
|
||||
* No packets to deal with but at least you know
|
||||
* the time-interval of this block.
|
||||
* Case b) Non-zero packets
|
||||
* Use the ts of the first packet in the block.
|
||||
*
|
||||
|
@ -265,7 +265,8 @@ enum tpacket_versions {
|
|||
- struct tpacket_hdr
|
||||
- pad to TPACKET_ALIGNMENT=16
|
||||
- struct sockaddr_ll
|
||||
- Gap, chosen so that packet data (Start+tp_net) alignes to TPACKET_ALIGNMENT=16
|
||||
- Gap, chosen so that packet data (Start+tp_net) aligns to
|
||||
TPACKET_ALIGNMENT=16
|
||||
- Start+tp_mac: [ Optional MAC header ]
|
||||
- Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16.
|
||||
- Pad to align to TPACKET_ALIGNMENT=16
|
||||
|
|
|
@ -141,7 +141,7 @@ struct in_addr {
|
|||
*/
|
||||
#define IP_PMTUDISC_INTERFACE 4
|
||||
/* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
|
||||
* fragmented if they exeed the interface mtu
|
||||
* fragmented if they exceed the interface mtu
|
||||
*/
|
||||
#define IP_PMTUDISC_OMIT 5
|
||||
|
||||
|
|
|
@ -140,25 +140,6 @@
|
|||
|
||||
#endif /* _NETINET_IN_H */
|
||||
|
||||
/* Coordinate with glibc netipx/ipx.h header. */
|
||||
#if defined(__NETIPX_IPX_H)
|
||||
|
||||
#define __UAPI_DEF_SOCKADDR_IPX 0
|
||||
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0
|
||||
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0
|
||||
#define __UAPI_DEF_IPX_CONFIG_DATA 0
|
||||
#define __UAPI_DEF_IPX_ROUTE_DEF 0
|
||||
|
||||
#else /* defined(__NETIPX_IPX_H) */
|
||||
|
||||
#define __UAPI_DEF_SOCKADDR_IPX 1
|
||||
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
|
||||
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
|
||||
#define __UAPI_DEF_IPX_CONFIG_DATA 1
|
||||
#define __UAPI_DEF_IPX_ROUTE_DEF 1
|
||||
|
||||
#endif /* defined(__NETIPX_IPX_H) */
|
||||
|
||||
/* Definitions for xattr.h */
|
||||
#if defined(_SYS_XATTR_H)
|
||||
#define __UAPI_DEF_XATTR 0
|
||||
|
@ -240,23 +221,6 @@
|
|||
#define __UAPI_DEF_IP6_MTUINFO 1
|
||||
#endif
|
||||
|
||||
/* Definitions for ipx.h */
|
||||
#ifndef __UAPI_DEF_SOCKADDR_IPX
|
||||
#define __UAPI_DEF_SOCKADDR_IPX 1
|
||||
#endif
|
||||
#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION
|
||||
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
|
||||
#endif
|
||||
#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION
|
||||
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
|
||||
#endif
|
||||
#ifndef __UAPI_DEF_IPX_CONFIG_DATA
|
||||
#define __UAPI_DEF_IPX_CONFIG_DATA 1
|
||||
#endif
|
||||
#ifndef __UAPI_DEF_IPX_ROUTE_DEF
|
||||
#define __UAPI_DEF_IPX_ROUTE_DEF 1
|
||||
#endif
|
||||
|
||||
/* Definitions for xattr.h */
|
||||
#ifndef __UAPI_DEF_XATTR
|
||||
#define __UAPI_DEF_XATTR 1
|
||||
|
|
|
@ -436,7 +436,7 @@ enum nft_set_elem_flags {
|
|||
* @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data)
|
||||
* @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes)
|
||||
* @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
|
||||
* @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64)
|
||||
* @NFTA_SET_ELEM_TIMEOUT: timeout value, zero means never times out (NLA_U64)
|
||||
* @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
|
||||
* @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
|
||||
* @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
|
||||
|
@ -1694,7 +1694,7 @@ enum nft_flowtable_flags {
|
|||
*
|
||||
* @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING)
|
||||
* @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING)
|
||||
* @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32)
|
||||
* @NFTA_FLOWTABLE_HOOK: netfilter hook configuration (NLA_NESTED)
|
||||
* @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
|
||||
* @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
|
||||
* @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)
|
||||
|
|
|
@ -16,10 +16,15 @@ struct nhmsg {
|
|||
struct nexthop_grp {
|
||||
__u32 id; /* nexthop id - must exist */
|
||||
__u8 weight; /* weight of this nexthop */
|
||||
__u8 resvd1;
|
||||
__u8 weight_high; /* high order bits of weight */
|
||||
__u16 resvd2;
|
||||
};
|
||||
|
||||
static __inline__ __u16 nexthop_grp_weight(const struct nexthop_grp *entry)
|
||||
{
|
||||
return ((entry->weight_high << 8) | entry->weight) + 1;
|
||||
}
|
||||
|
||||
enum {
|
||||
NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group
|
||||
* default type if not specified
|
||||
|
@ -33,6 +38,9 @@ enum {
|
|||
#define NHA_OP_FLAG_DUMP_STATS BIT(0)
|
||||
#define NHA_OP_FLAG_DUMP_HW_STATS BIT(1)
|
||||
|
||||
/* Response OP_FLAGS. */
|
||||
#define NHA_OP_FLAG_RESP_GRP_RESVD_0 BIT(31) /* Dump clears resvd fields. */
|
||||
|
||||
enum {
|
||||
NHA_UNSPEC,
|
||||
NHA_ID, /* u32; id for nexthop. id == 0 means auto-assign */
|
||||
|
|
|
@ -531,20 +531,24 @@ int is_idmapping_supported(const char *path) {
|
|||
userns_fd = userns_acquire(uid_map, gid_map);
|
||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
|
||||
return false;
|
||||
if (userns_fd == -ENOSPC) {
|
||||
log_debug_errno(userns_fd, "Failed to acquire new user namespace, user.max_user_namespaces seems to be exhausted or maybe even zero, assuming ID-mapping is not supported: %m");
|
||||
return false;
|
||||
}
|
||||
if (userns_fd < 0)
|
||||
return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path);
|
||||
return log_debug_errno(userns_fd, "Failed to acquire new user namespace for checking if '%s' supports ID-mapping: %m", path);
|
||||
|
||||
dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
|
||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd))
|
||||
return false;
|
||||
if (dir_fd < 0)
|
||||
return log_debug_errno(dir_fd, "ID-mapping supported open failed for '%s' : %m", path);
|
||||
return log_debug_errno(dir_fd, "Failed to open '%s', cannot determine if ID-mapping is supported: %m", path);
|
||||
|
||||
mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC));
|
||||
if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL)
|
||||
return false;
|
||||
if (mount_fd < 0)
|
||||
return log_debug_errno(mount_fd, "ID-mapping supported open_tree failed for '%s' : %m", path);
|
||||
return log_debug_errno(mount_fd, "Failed to open mount tree '%s', cannot determine if ID-mapping is supported: %m", path);
|
||||
|
||||
r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH,
|
||||
&(struct mount_attr) {
|
||||
|
@ -554,7 +558,7 @@ int is_idmapping_supported(const char *path) {
|
|||
if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL)
|
||||
return false;
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "ID-mapping supported setattr failed for '%s' : %m", path);
|
||||
return log_debug_errno(r, "Failed to set mount attribute to '%s', cannot determine if ID-mapping is supported: %m", path);
|
||||
|
||||
return true;
|
||||
}
|
||||
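Review bot: The new `-ENOSPC` branch in `is_idmapping_supported()` reports a transient resource limit with the same `false` that the function returns when the kernel or file system lacks ID-mapping, and nothing tells a caller the two apart. If a caller caches the answer or switches to a weaker fallback on `false`, an exhausted `user.max_user_namespaces` would change behaviour for a path that does support ID-mapping; no caller is visible here, so this is a question rather than a finding. A comment above the branch would record the decision, for example `/* ENOSPC is a namespace-limit condition, not a property of 'path'; deliberately reported as "unsupported" */`. The start of the function is outside these hunks.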
|
|
|
@ -98,16 +98,11 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
|
|||
}
|
||||
}
|
||||
|
||||
#if HAVE_SYSV_COMPAT
|
||||
else if (streq(key, "fastboot") && !value) {
|
||||
log_warning("Please pass 'fsck.mode=skip' rather than 'fastboot' on the kernel command line.");
|
||||
else if (streq(key, "fastboot") && !value)
|
||||
arg_skip = true;
|
||||
|
||||
} else if (streq(key, "forcefsck") && !value) {
|
||||
log_warning("Please pass 'fsck.mode=force' rather than 'forcefsck' on the kernel command line.");
|
||||
else if (streq(key, "forcefsck") && !value)
|
||||
arg_force = true;
|
||||
}
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -14,7 +14,6 @@ systemd_pull_sources = files(
|
|||
'pull-tar.c',
|
||||
'pull-job.c',
|
||||
'pull-common.c',
|
||||
'curl-util.c',
|
||||
)
|
||||
|
||||
systemd_import_sources = files(
|
||||
|
|
|
@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
|
|||
|
||||
int pidfd = sd_varlink_get_peer_pidfd(v);
|
||||
if (pidfd < 0) {
|
||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
|
||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
|
||||
return pidfd;
|
||||
|
||||
pid_t pid;
|
||||
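Review bot: Treating `-EINVAL` from `sd_varlink_get_peer_pidfd()` like "not supported" sends more cases down the path that begins at `pid_t pid;`, which appears to identify the peer by numeric PID instead of by pidfd. A PID-based reference is exposed to PID reuse in a way a pidfd is not, and `-EINVAL` can also mean a genuine argument error that would now be masked. The widened condition should carry a comment naming the situation that yields `-EINVAL`, e.g. `/* -EINVAL: <condition under which no peer pidfd is available>, fall back to the PID */`. The rest of `varlink_get_peer_pidref()` is outside the hunk, so the fallback itself could not be checked.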
|
|
|
@ -101,18 +101,19 @@ static int help(int argc, char *argv[], void *userdata) {
|
|||
" -j Same as --json=pretty on tty, --json=short otherwise\n"
|
||||
" --append=PATH Load specified JSON signature, and append new signature to it\n"
|
||||
"\n%3$sUKI PE Section Options:%4$s %3$sUKI PE Section%4$s\n"
|
||||
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
||||
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
||||
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
||||
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
||||
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
||||
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
||||
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
|
||||
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
|
||||
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
|
||||
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
|
||||
" --profile=PATH Path to profile file %7$s .profile\n"
|
||||
" --hwids=PATH Path to HWIDs file %7$s .hwids\n"
|
||||
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
||||
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
||||
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
||||
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
||||
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
||||
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
||||
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
|
||||
" --dtbauto=PATH Path to DeviceTree file for auto selection %7$s .dtbauto\n"
|
||||
" --uname=PATH Path to 'uname -r' file %7$s .uname\n"
|
||||
" --sbat=PATH Path to SBAT file %7$s .sbat\n"
|
||||
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
|
||||
" --profile=PATH Path to profile file %7$s .profile\n"
|
||||
" --hwids=PATH Path to HWIDs file %7$s .hwids\n"
|
||||
"\nSee the %2$s for details.\n",
|
||||
program_invocation_short_name,
|
||||
link,
|
||||
|
|
|
@ -2280,10 +2280,9 @@ static int copy_devnode_one(const char *dest, const char *node, bool ignore_mkno
|
|||
r = path_extract_directory(from, &parent);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to extract directory from %s: %m", from);
|
||||
if (!path_equal(parent, "/dev/")) {
|
||||
if (userns_mkdir(dest, parent, 0755, 0, 0) < 0)
|
||||
return log_error_errno(r, "Failed to create directory %s: %m", parent);
|
||||
}
|
||||
r = userns_mkdir(dest, parent, 0755, 0, 0);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to create directory %s: %m", parent);
|
||||
|
||||
if (mknod(to, st.st_mode, st.st_rdev) < 0) {
|
||||
r = -errno; /* Save the original error code. */
|
||||
|
@ -4654,7 +4653,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
|
|||
|
||||
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
|
||||
if (!ucred || ucred->pid != inner_child_pid) {
|
||||
log_debug("Received notify message without valid credentials. Ignoring.");
|
||||
log_debug("Received notify message from process that is not the payload's PID 1. Ignoring.");
|
||||
return 0;
|
||||
}
|
||||
|
||||
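Review bot: The reworded debug message in `nspawn_dispatch_notify_fd()` no longer matches both halves of its condition, because `!ucred || ucred->pid != inner_child_pid` also fires when the datagram carries no `SCM_CREDENTIALS` at all. A journal line saying the sender "is not the payload's PID 1" for a message that had no credentials is misleading when the log is read during an investigation. Either split the check into two branches with their own message, or cover both cases in one: `log_debug("Received notify message without credentials or from a process other than the payload's PID 1. Ignoring.");`.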
|
|
|
@ -36,14 +36,9 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
|
|||
arg_skip = true;
|
||||
else
|
||||
log_warning("Invalid quotacheck.mode= value, ignoring: %s", value);
|
||||
}
|
||||
|
||||
#if HAVE_SYSV_COMPAT
|
||||
else if (streq(key, "forcequotacheck") && !value) {
|
||||
log_warning("Please use 'quotacheck.mode=force' rather than 'forcequotacheck' on the kernel command line. Proceeding anyway.");
|
||||
} else if (streq(key, "forcequotacheck") && !value)
|
||||
arg_force = true;
|
||||
}
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -117,6 +117,10 @@ if conf.get('ENABLE_DNS_OVER_TLS') == 1
|
|||
endif
|
||||
endif
|
||||
|
||||
if conf.get('ENABLE_DNS_OVER_HTTPS') == 1
|
||||
systemd_resolved_dependencies += libcurl
|
||||
endif
|
||||
|
||||
link_with = [
|
||||
libshared,
|
||||
libsystemd_resolve_core,
|
||||
|
|
|
@ -422,10 +422,17 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
|
|||
|
||||
/* Determine the best feature level we care about. If DNSSEC mode is off there's no point in using anything
|
||||
* better than EDNS0, hence don't even try. */
|
||||
if (dns_server_get_dnssec_mode(s) != DNSSEC_NO)
|
||||
if (dns_server_get_dnssec_mode(s) != DNSSEC_NO) {
|
||||
best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
|
||||
DNS_SERVER_FEATURE_LEVEL_DO :
|
||||
DNS_SERVER_FEATURE_LEVEL_TLS_DO;
|
||||
/* TODO: Add HTTPS_PLAIN_DO too? */
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
best = dns_server_get_dns_over_https_mode(s) == DNS_OVER_HTTPS_NO ?
|
||||
DNS_SERVER_FEATURE_LEVEL_DO :
|
||||
DNS_SERVER_FEATURE_LEVEL_HTTPS_PLAIN;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
|
||||
DNS_SERVER_FEATURE_LEVEL_EDNS0 :
|
||||
|
@ -493,7 +500,8 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
|
|||
} else if (s->packet_bad_opt &&
|
||||
DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(s->possible_feature_level) &&
|
||||
dns_server_get_dnssec_mode(s) != DNSSEC_YES &&
|
||||
dns_server_get_dns_over_tls_mode(s) != DNS_OVER_TLS_YES) {
|
||||
dns_server_get_dns_over_tls_mode(s) != DNS_OVER_TLS_YES &&
|
||||
dns_server_get_dns_over_https_mode(s) != DNS_OVER_HTTPS_YES) {
|
||||
|
||||
/* A reply to one of our EDNS0 queries didn't carry a valid OPT RR, then downgrade to
|
||||
* below EDNS0 levels. After all, some servers generate different responses with and
|
||||
|
@ -962,6 +970,12 @@ DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s) {
|
|||
return manager_get_dns_over_tls_mode(s->manager);
|
||||
}
|
||||
|
||||
DnsOverHttpsMode dns_server_get_dns_over_https_mode(DnsServer *s) {
|
||||
assert(s);
|
||||
|
||||
return manager_get_dns_over_https_mode(s->manager);
|
||||
}
|
||||
|
||||
void dns_server_flush_cache(DnsServer *s) {
|
||||
DnsServer *current;
|
||||
DnsScope *scope;
|
||||
|
@ -1095,12 +1109,13 @@ static const char* const dns_server_type_table[_DNS_SERVER_TYPE_MAX] = {
|
|||
DEFINE_STRING_TABLE_LOOKUP(dns_server_type, DnsServerType);
|
||||
|
||||
static const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVEL_MAX] = {
|
||||
[DNS_SERVER_FEATURE_LEVEL_TCP] = "TCP",
|
||||
[DNS_SERVER_FEATURE_LEVEL_UDP] = "UDP",
|
||||
[DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0",
|
||||
[DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN] = "TLS+EDNS0",
|
||||
[DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO",
|
||||
[DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+DO",
|
||||
[DNS_SERVER_FEATURE_LEVEL_TCP] = "TCP",
|
||||
[DNS_SERVER_FEATURE_LEVEL_UDP] = "UDP",
|
||||
[DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0",
|
||||
[DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN] = "TLS+EDNS0",
|
||||
[DNS_SERVER_FEATURE_LEVEL_HTTPS_PLAIN] = "HTTPS+EDNS0",
|
||||
[DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO",
|
||||
[DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+DO",
|
||||
};
|
||||
DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel);
|
||||
|
||||
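Review bot: In `dns_server_possible_feature_level()` the assignment under `#if ENABLE_DNS_OVER_HTTPS` overwrites the DNS-over-TLS result computed just above it instead of refining it. With DNSSEC and DNS-over-TLS enabled and DNS-over-HTTPS set to `no`, `best` ends up as `DNS_SERVER_FEATURE_LEVEL_DO` ("UDP+EDNS0+DO" in the string table), so the TLS requirement is silently dropped. With DNS-over-HTTPS enabled, `best` becomes `DNS_SERVER_FEATURE_LEVEL_HTTPS_PLAIN`, which sits below `DNS_SERVER_FEATURE_LEVEL_DO` in the enum and so is not a DNSSEC level according to `DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC()`. Override only when HTTPS is requested, `if (dns_server_get_dns_over_https_mode(s) != DNS_OVER_HTTPS_NO) best = DNS_SERVER_FEATURE_LEVEL_HTTPS_PLAIN;`, and resolve the `TODO` before DNSSEC and DNS-over-HTTPS can be combined. The `DNSSEC_NO` branch shown as context does not consider HTTPS at all, and the function continues outside the hunk.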
|
|
|
@ -35,6 +35,7 @@ typedef enum DnsServerFeatureLevel {
|
|||
DNS_SERVER_FEATURE_LEVEL_UDP,
|
||||
DNS_SERVER_FEATURE_LEVEL_EDNS0,
|
||||
DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN,
|
||||
DNS_SERVER_FEATURE_LEVEL_HTTPS_PLAIN,
|
||||
DNS_SERVER_FEATURE_LEVEL_DO,
|
||||
DNS_SERVER_FEATURE_LEVEL_TLS_DO,
|
||||
_DNS_SERVER_FEATURE_LEVEL_MAX,
|
||||
|
@ -46,6 +47,7 @@ typedef enum DnsServerFeatureLevel {
|
|||
#define DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_EDNS0)
|
||||
#define DNS_SERVER_FEATURE_LEVEL_IS_TLS(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, DNS_SERVER_FEATURE_LEVEL_TLS_DO)
|
||||
#define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO)
|
||||
#define DNS_SERVER_FEATURE_LEVEL_IS_HTTPS(x) ((x) == DNS_SERVER_FEATURE_LEVEL_HTTPS_PLAIN)
|
||||
#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO)
|
||||
|
||||
const char* dns_server_feature_level_to_string(DnsServerFeatureLevel i) _const_;
|
||||
|
@ -164,6 +166,7 @@ void manager_next_dns_server(Manager *m, DnsServer *if_current);
|
|||
|
||||
DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
|
||||
DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s);
|
||||
DnsOverHttpsMode dns_server_get_dns_over_https_mode(DnsServer *s);
|
||||
|
||||
size_t dns_server_get_mtu(DnsServer *s);
|
||||
|
||||
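Review bot: `DNS_SERVER_FEATURE_LEVEL_HTTPS_PLAIN` is inserted into the middle of an enum whose order carries meaning, since `DNS_SERVER_FEATURE_LEVEL_IS_EDNS0()` and `DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC()` are `>=` comparisons. Any code that steps a level up or down by one, or compares levels with `<`, can now land on the HTTPS level even when DNS-over-HTTPS is not configured; such code is outside this hunk and should be audited. A comment on the enum would record the constraint, e.g. `/* Ordered: relational checks and stepwise downgrades depend on this sequence; HTTPS_PLAIN has no DO variant yet */`.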
|
|
|
@ -4,11 +4,13 @@
|
|||
|
||||
#include "af-list.h"
|
||||
#include "alloc-util.h"
|
||||
|
||||
#include "dns-domain.h"
|
||||
#include "errno-list.h"
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "glyph-util.h"
|
||||
#include "hexdecoct.h"
|
||||
#include "random-util.h"
|
||||
#include "resolved-dns-cache.h"
|
||||
#include "resolved-dns-transaction.h"
|
||||
|
@ -16,6 +18,10 @@
|
|||
#include "resolved-llmnr.h"
|
||||
#include "string-table.h"
|
||||
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
#include "curl-util.h"
|
||||
#endif
|
||||
|
||||
#define TRANSACTIONS_MAX 4096
|
||||
#define TRANSACTION_TCP_TIMEOUT_USEC (10U*USEC_PER_SEC)
|
||||
|
||||
|
@ -682,7 +688,13 @@ static uint16_t dns_transaction_port(DnsTransaction *t) {
|
|||
if (t->server->port > 0)
|
||||
return t->server->port;
|
||||
|
||||
return DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level) ? 853 : 53;
|
||||
if (DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level))
|
||||
return 853;
|
||||
|
||||
if (DNS_SERVER_FEATURE_LEVEL_IS_HTTPS(t->current_feature_level))
|
||||
return 443;
|
||||
|
||||
return 53;
|
||||
}
|
||||
|
||||
static int dns_transaction_emit_tcp(DnsTransaction *t) {
|
||||
|
@ -1518,6 +1530,9 @@ static int dns_transaction_emit_udp(DnsTransaction *t) {
|
|||
if (t->current_feature_level < DNS_SERVER_FEATURE_LEVEL_UDP || DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level))
|
||||
return -EAGAIN; /* Sorry, can't do UDP, try TCP! */
|
||||
|
||||
if (DNS_SERVER_FEATURE_LEVEL_IS_HTTPS(t->current_feature_level))
|
||||
return -EAGAIN; /* Direct request logic to HTTPS */
|
||||
|
||||
if (!t->bypass && !dns_server_dnssec_supported(t->server) && dns_type_is_dnssec(dns_transaction_key(t)->type))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
|
@ -1984,6 +1999,223 @@ static int mdns_make_dummy_packet(DnsTransaction *t, DnsPacket **ret_packet, Set
|
|||
return add_known_answers;
|
||||
}
|
||||
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
static size_t dns_transaction_curl_header_callback(void *contents, size_t size, size_t nmemb, void *userdata) {
|
||||
_cleanup_free_ char *content_header = NULL;
|
||||
DnsTransaction *t = ASSERT_PTR(userdata);
|
||||
size_t sz = size * nmemb;
|
||||
CURLcode code;
|
||||
long status;
|
||||
int r;
|
||||
|
||||
assert(contents);
|
||||
|
||||
code = curl_easy_getinfo(t->curl, CURLINFO_RESPONSE_CODE, &status);
|
||||
if (code != CURLE_OK)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to retrieve response code: %s", curl_easy_strerror(code));
|
||||
|
||||
if (status >= 200 && status <= 299) {
|
||||
r = curl_header_strdup(contents, sz, "Content-Type:", &content_header);
|
||||
if (r < 0) {
|
||||
log_oom();
|
||||
return 0;
|
||||
}
|
||||
if (r > 0) {
|
||||
r = strcmp("application/dns-message", content_header);
|
||||
if (r == 0)
|
||||
t->valid_dns_message = true;
|
||||
return sz;
|
||||
}
|
||||
}
|
||||
|
||||
return sz;
|
||||
}
|
||||
|
||||
static size_t dns_transaction_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userdata) {
|
||||
DnsTransaction *t = ASSERT_PTR(userdata);
|
||||
size_t sz = size * nmemb;
|
||||
int r;
|
||||
|
||||
t->payload = memdup(contents, sz);
|
||||
if (!t->payload) {
|
||||
log_debug("Failed to extract HTTP payload to further processing");
|
||||
r = log_oom();
|
||||
goto fail;
|
||||
}
|
||||
|
||||
t->payload_size += sz;
|
||||
|
||||
return sz;
|
||||
|
||||
fail:
|
||||
dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
|
||||
return r;
|
||||
}
|
||||
|
||||
static int dns_transaction_curl_recv(DnsTransaction *t, DnsPacket **p) {
|
||||
size_t ms;
|
||||
int r;
|
||||
|
||||
ms = t->payload_size;
|
||||
|
||||
if (t->payload_size < 1) {
|
||||
log_debug("Received HTTP payload unexpected size %zu", t->payload_size);
|
||||
return -1;
|
||||
}
|
||||
|
||||
r = dns_packet_new(p, DNS_PROTOCOL_DNS, ms, DNS_PACKET_SIZE_MAX);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
log_debug("Received HTTP payload of size %zu", t->payload_size);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int dns_transaction_curl_make_url(DnsTransaction *t, char **url) {
|
||||
_cleanup_free_ char *base64_string = NULL;
|
||||
uint8_t *packet_to_send = DNS_PACKET_DATA(t->sent);
|
||||
int r;
|
||||
|
||||
/* Let's zero the query ID according to the RFC */
|
||||
packet_to_send[0] = 0;
|
||||
packet_to_send[1] = 0;
|
||||
|
||||
r = base64mem_full(packet_to_send, t->sent->size, MAX_URL_LENGTH, &base64_string);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "Failed to encode DNS packet to base64");
|
||||
return r;
|
||||
}
|
||||
|
||||
/* Remove base64 trailing characters */
|
||||
delete_trailing_chars(base64_string, "=");
|
||||
|
||||
/* Build the DoH's wire format request URL */
|
||||
r = asprintf(url, "https://%s/dns-query?dns=%s", t->server->server_string, base64_string);
|
||||
if (r < 0) {
|
||||
log_debug("Failed to allocate and set the url for transaction %" PRIu16 ".", t->id);
|
||||
return r;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void dns_transaction_curl_on_response(CurlGlue *g, CURL *curl, CURLcode result) {
|
||||
_cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
|
||||
DnsTransaction *t = NULL;
|
||||
int status;
|
||||
int r;
|
||||
|
||||
assert(g);
|
||||
assert(curl);
|
||||
|
||||
curl_easy_getinfo(curl, CURLINFO_PRIVATE, &t);
|
||||
|
||||
if (result != CURLE_OK) {
|
||||
log_error_errno(SYNTHETIC_ERRNO(EIO), "HTTP request failed: %s", curl_easy_strerror(result));
|
||||
status = DNS_TRANSACTION_INVALID_REPLY;
|
||||
goto finish;
|
||||
}
|
||||
|
||||
if (!t->valid_dns_message) {
|
||||
log_debug("Received invalid HTTP payload, expected content type of application/dns-message");
|
||||
status = DNS_TRANSACTION_INVALID_REPLY;
|
||||
goto finish;
|
||||
}
|
||||
|
||||
r = dns_transaction_curl_recv(t, &p);
|
||||
if (r < 0) {
|
||||
log_debug_errno(r, "HTTP payload receive failure");
|
||||
dns_transaction_complete_errno(t, r);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Transfer the received payload to transaction/packet struct */
|
||||
uint8_t *p_data = DNS_PACKET_DATA(p);
|
||||
memcpy(p_data, t->payload, t->payload_size);
|
||||
|
||||
p->size = t->payload_size;
|
||||
|
||||
r = dns_packet_validate_reply(p);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Received invalid DNS packet as response, ignoring: %m");
|
||||
|
||||
if (r == 0)
|
||||
log_debug("Received inappropriate DNS packet as response, ignoring");
|
||||
|
||||
dns_transaction_process_reply(t, p, false);
|
||||
|
||||
return;
|
||||
finish:
|
||||
dns_transaction_complete(t, status);
|
||||
}
|
||||
|
||||
static int dns_transaction_emit_curl(DnsTransaction *t) {
|
||||
_cleanup_(sd_event_unrefp) sd_event *e = NULL;
|
||||
_cleanup_free_ char *rule = NULL;
|
||||
int r;
|
||||
|
||||
assert(t);
|
||||
assert(t->sent);
|
||||
|
||||
dns_transaction_close_connection(t, true);
|
||||
|
||||
if (t->scope->protocol == DNS_PROTOCOL_DNS) {
|
||||
r = dns_transaction_pick_server(t);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (manager_server_is_stub(t->scope->manager, t->server))
|
||||
return -ELOOP;
|
||||
|
||||
r = curl_glue_new(&t->glue, e);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
t->glue->on_finished = dns_transaction_curl_on_response;
|
||||
|
||||
r = dns_transaction_curl_make_url(t, &t->url);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = curl_glue_make(&t->curl, t->url, t);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (curl_easy_setopt(t->curl, CURLOPT_HEADERFUNCTION, dns_transaction_curl_header_callback) != CURLE_OK)
|
||||
return -EIO;
|
||||
|
||||
if (curl_easy_setopt(t->curl, CURLOPT_HEADERDATA, t) != CURLE_OK)
|
||||
return -EIO;
|
||||
|
||||
if (curl_easy_setopt(t->curl, CURLOPT_WRITEFUNCTION, dns_transaction_curl_write_callback) != CURLE_OK)
|
||||
return -EIO;
|
||||
|
||||
if (curl_easy_setopt(t->curl, CURLOPT_WRITEDATA, t) != CURLE_OK)
|
||||
return -EIO;
|
||||
|
||||
// Prevents libcurl's native name lookups
|
||||
r = asprintf(&rule, "%s:443:%s", t->server->server_string, t->server->server_string);
|
||||
if (r < 0) {
|
||||
log_debug("Failed to compound IP resolution to CURLOPT_RESOLVE parameter");
|
||||
return r;
|
||||
}
|
||||
|
||||
t->glue->resolve_rules = curl_slist_append(NULL, rule);
|
||||
if (curl_easy_setopt(t->curl, CURLOPT_RESOLVE, t->glue->resolve_rules) != CURLE_OK)
|
||||
return -EIO;
|
||||
|
||||
|
||||
log_debug("Emitting HTTPS request via curl for transaction %" PRIu16, t->id);
|
||||
r = curl_glue_add(t->glue, t->curl);
|
||||
if (r < 0)
|
||||
return r;
|
||||
} else
|
||||
/* TODO: Is this the right error code here? */
|
||||
return -ELOOP;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
static int dns_transaction_make_packet_mdns(DnsTransaction *t) {
|
||||
_cleanup_(dns_packet_unrefp) DnsPacket *p = NULL, *dummy = NULL;
|
||||
_cleanup_set_free_ Set *keys = NULL;
|
||||
|
@ -2172,10 +2404,20 @@ int dns_transaction_go(DnsTransaction *t) {
|
|||
r = dns_transaction_emit_udp(t);
|
||||
if (r == -EMSGSIZE)
|
||||
log_debug("Sending query via TCP since it is too large.");
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
else if ((r == -EAGAIN &&
|
||||
(DNS_SERVER_FEATURE_LEVEL_IS_HTTPS(t->current_feature_level))))
|
||||
log_debug("Sending query via HTTPS.");
|
||||
#endif
|
||||
else if (r == -EAGAIN)
|
||||
log_debug("Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.");
|
||||
else if (r == -EPERM)
|
||||
log_debug("Sending query via TCP since UDP is blocked.");
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
if ((r == -EAGAIN &&
|
||||
(DNS_SERVER_FEATURE_LEVEL_IS_HTTPS(t->current_feature_level))))
|
||||
r = dns_transaction_emit_curl(t);
|
||||
#endif
|
||||
if (IN_SET(r, -EMSGSIZE, -EAGAIN, -EPERM))
|
||||
r = dns_transaction_emit_tcp(t);
|
||||
}
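Review bot: After `r = dns_transaction_emit_curl(t);` the unchanged `if (IN_SET(r, -EMSGSIZE, -EAGAIN, -EPERM))` check still runs, so a failed DoH attempt can be retried through `dns_transaction_emit_tcp()` instead of failing the transaction. The visible code reaches this on allocation failure: `dns_transaction_emit_curl()` and `dns_transaction_curl_make_url()` return `asprintf()`'s raw result, which is -1 and so equals -EPERM on Linux. `DNS_OVER_HTTPS_YES` is described as "Enforce DNS-over-HTTPS", so I would `return log_oom();` on those paths and skip the TCP fallback once the HTTPS branch has been taken; whether the TCP path is encrypted depends on the DNS-over-TLS setting, which is not shown here. `dns_transaction_go()` starts and ends outside this hunk.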
|
||||
|
|
|
@ -1,9 +1,19 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
#include <curl/curl.h>
|
||||
#endif
|
||||
|
||||
#include "sd-event.h"
|
||||
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
#include "curl-util.h"
|
||||
#endif
|
||||
|
||||
#include "in-addr-util.h"
|
||||
|
||||
|
||||
typedef struct DnsTransaction DnsTransaction;
|
||||
typedef struct DnsTransactionFinder DnsTransactionFinder;
|
||||
typedef enum DnsTransactionState DnsTransactionState;
|
||||
|
@ -92,7 +102,15 @@ struct DnsTransaction {
|
|||
|
||||
/* TCP connection logic, if we need it */
|
||||
DnsStream *stream;
|
||||
|
||||
#if ENABLE_DNS_OVER_HTTPS
|
||||
/* HTTPS connection logic, if we need it */
|
||||
CurlGlue *glue;
|
||||
CURL *curl;
|
||||
char *url;
|
||||
uint8_t *payload;
|
||||
size_t payload_size;
|
||||
bool valid_dns_message;
|
||||
#endif
|
||||
/* The active server */
|
||||
DnsServer *server;
|
||||
|
||||
|
@ -219,6 +237,9 @@ DnsTransactionSource dns_transaction_source_from_string(const char *s) _pure_;
|
|||
/* Maximum attempts to send MDNS requests, see RFC 6762 Section 8.1 */
|
||||
#define MDNS_TRANSACTION_ATTEMPTS_MAX 3
|
||||
|
||||
/* Maximum URL length for HTTP GET request, see RFC ... */
|
||||
#define MAX_URL_LENGTH 2048
|
||||
|
||||
#define TRANSACTION_ATTEMPTS_MAX(p) ((p) == DNS_PROTOCOL_LLMNR ? \
|
||||
LLMNR_TRANSACTION_ATTEMPTS_MAX : \
|
||||
(p) == DNS_PROTOCOL_MDNS ? \
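Review bot: The new `payload`/`payload_size` fields in `struct DnsTransaction` have no comment on ownership or on how the two relate, and the visible write callback does not keep them in step: it assigns `t->payload = memdup(contents, sz)` on every call but does `t->payload_size += sz`. If libcurl delivers the body in more than one chunk, the earlier buffer is leaked and `dns_transaction_curl_on_response()` then copies `payload_size` bytes out of a buffer that holds only the last chunk, which reads past its end. I would state the invariant on the fields, e.g. `/* payload holds exactly payload_size bytes of the HTTP response body; owned by the transaction */`, and have the callback append to the buffer and reject bodies larger than `DNS_PACKET_SIZE_MAX`. Separately, the `MAX_URL_LENGTH` comment still reads `see RFC ...` and needs the actual reference filled in. The struct definition extends beyond the hunk.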
|
||||
|
|
|
@ -26,6 +26,7 @@ Resolve.LLMNR, config_parse_resolve_support, 0,
|
|||
Resolve.MulticastDNS, config_parse_resolve_support, 0, offsetof(Manager, mdns_support)
|
||||
Resolve.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Manager, dnssec_mode)
|
||||
Resolve.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Manager, dns_over_tls_mode)
|
||||
Resolve.DNSOverHTTPS, config_parse_dns_over_https_mode, 0, offsetof(Manager, dns_over_https_mode)
|
||||
Resolve.Cache, config_parse_dns_cache_mode, DNS_CACHE_MODE_YES, offsetof(Manager, enable_cache)
|
||||
Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode)
|
||||
Resolve.ReadEtcHosts, config_parse_bool, 0, offsetof(Manager, read_etc_hosts)
|
||||
|
|
|
@ -1670,6 +1670,15 @@ DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
|
|||
return DNS_OVER_TLS_NO;
|
||||
}
|
||||
|
||||
DnsOverHttpsMode manager_get_dns_over_https_mode(Manager *m) {
|
||||
assert(m);
|
||||
|
||||
if (m->dns_over_https_mode != _DNS_OVER_HTTPS_MODE_INVALID)
|
||||
return m->dns_over_https_mode;
|
||||
|
||||
return DNS_OVER_HTTPS_NO;
|
||||
}
|
||||
|
||||
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
|
||||
|
||||
assert(verdict >= 0);
|
||||
|
|
|
@ -40,6 +40,7 @@ struct Manager {
|
|||
ResolveSupport mdns_support;
|
||||
DnssecMode dnssec_mode;
|
||||
DnsOverTlsMode dns_over_tls_mode;
|
||||
DnsOverHttpsMode dns_over_https_mode;
|
||||
DnsCacheMode enable_cache;
|
||||
bool cache_from_localhost;
|
||||
DnsStubListenerMode dns_stub_listener_mode;
|
||||
|
@ -207,6 +208,8 @@ bool manager_dnssec_supported(Manager *m);
|
|||
|
||||
DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m);
|
||||
|
||||
DnsOverHttpsMode manager_get_dns_over_https_mode(Manager *m);
|
||||
|
||||
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key);
|
||||
|
||||
bool manager_routable(Manager *m);
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
#Domains=
|
||||
#DNSSEC={{DEFAULT_DNSSEC_MODE_STR}}
|
||||
#DNSOverTLS={{DEFAULT_DNS_OVER_TLS_MODE_STR}}
|
||||
#DNSOverHTTPS={{DEFAULT_DNS_OVER_HTTPS_MODE_STR}}
|
||||
#MulticastDNS={{DEFAULT_MDNS_MODE_STR}}
|
||||
#LLMNR={{DEFAULT_LLMNR_MODE_STR}}
|
||||
#Cache=yes
|
||||
|
|
|
@ -311,6 +311,9 @@ void curl_glue_remove_and_free(CurlGlue *g, CURL *c) {
|
|||
if (g->curl)
|
||||
curl_multi_remove_handle(g->curl, c);
|
||||
|
||||
if (g->resolve_rules)
|
||||
curl_slist_free_all(g->resolve_rules);
|
||||
|
||||
curl_easy_cleanup(c);
|
||||
}
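Review bot: `g->resolve_rules` is left pointing at freed memory after `curl_slist_free_all(g->resolve_rules);`, while this function is called per easy handle `c` and the list hangs off the `CurlGlue`. If a glue ever has this function called on it more than once, the second call frees the list again. Resetting the field closes that, and the NULL guard can be dropped because `curl_slist_free_all(NULL)` returns without doing anything: `curl_slist_free_all(g->resolve_rules);` followed by `g->resolve_rules = NULL;`. The start of `curl_glue_remove_and_free()` is outside the hunk.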
|
||||
|
|
@ -20,6 +20,7 @@ struct CurlGlue {
|
|||
|
||||
void (*on_finished)(CurlGlue *g, CURL *curl, CURLcode code);
|
||||
void *userdata;
|
||||
struct curl_slist *resolve_rules;;
|
||||
};
|
||||
|
||||
int curl_glue_new(CurlGlue **glue, sd_event *event);
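Review bot: `struct curl_slist *resolve_rules;;` has a stray second semicolon, which is an empty declaration inside the struct and draws a warning under pedantic settings; it should read `struct curl_slist *resolve_rules;`. The field would also benefit from a one-line comment stating who owns the list, e.g. `/* CURLOPT_RESOLVE entries; freed in curl_glue_remove_and_free() */`. `struct CurlGlue` begins outside the hunk.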
|
|
@ -256,6 +256,10 @@ if conf.get('HAVE_TPM2') == 1 and conf.get('HAVE_LIBCRYPTSETUP') == 1
|
|||
shared_sources += files('cryptsetup-tpm2.c')
|
||||
endif
|
||||
|
||||
if conf.get('HAVE_LIBCURL') == 1
|
||||
shared_sources += files('curl-util.c')
|
||||
endif
|
||||
|
||||
generate_ip_protocol_list = find_program('generate-ip-protocol-list.sh')
|
||||
ip_protocol_list_txt = custom_target(
|
||||
'ip-protocol-list.txt',
|
||||
|
@ -337,6 +341,11 @@ libshared_deps = [threads,
|
|||
libxz_cflags,
|
||||
libzstd_cflags]
|
||||
|
||||
# Is this correct?
|
||||
if conf.get('HAVE_LIBCURL') == 1
|
||||
libshared_deps += [libcurl]
|
||||
endif
|
||||
|
||||
libshared_sym_path = meson.current_source_dir() / 'libshared.sym'
|
||||
libshared_build_dir = meson.current_build_dir()
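Review bot: The `# Is this correct?` comment above `libshared_deps += [libcurl]` is an open question committed into the build file and should be resolved before this lands. The visible neighbours in `libshared_deps` are `libxz_cflags` and `libzstd_cflags`, i.e. compile flags only, whereas this adds the full `libcurl` dependency, which presumably makes everything that links the shared library pull in libcurl as well. If only `curl-util.c` needs it, consider following the neighbouring cflags-only pattern or building `curl-util.c` into the resolver alone. Either way, replace the question with the reason, e.g. `# curl-util.c is part of libshared when libcurl is available`.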
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
DEFINE_CONFIG_PARSE_ENUM(config_parse_resolve_support, resolve_support, ResolveSupport);
|
||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_dnssec_mode, dnssec_mode, DnssecMode);
|
||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_over_tls_mode, dns_over_tls_mode, DnsOverTlsMode);
|
||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_over_https_mode, dns_over_https_mode, DnsOverHttpsMode);
|
||||
|
||||
static const char* const resolve_support_table[_RESOLVE_SUPPORT_MAX] = {
|
||||
[RESOLVE_SUPPORT_NO] = "no",
|
||||
|
@ -29,6 +30,12 @@ static const char* const dns_over_tls_mode_table[_DNS_OVER_TLS_MODE_MAX] = {
|
|||
};
|
||||
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_over_tls_mode, DnsOverTlsMode, DNS_OVER_TLS_YES);
|
||||
|
||||
static const char* const dns_over_https_mode_table[_DNS_OVER_HTTPS_MODE_MAX] = {
|
||||
[DNS_OVER_HTTPS_NO] = "no",
|
||||
[DNS_OVER_HTTPS_YES] = "yes",
|
||||
};
|
||||
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_over_https_mode, DnsOverHttpsMode, DNS_OVER_HTTPS_YES);
|
||||
|
||||
bool dns_server_address_valid(int family, const union in_addr_union *sa) {
|
||||
|
||||
/* Refuses the 0 IP addresses as well as 127.0.0.53/127.0.0.54 (which is our own DNS stub) */
|
||||
|
|
|
@ -27,6 +27,7 @@ enum DnsCacheMode {
|
|||
typedef enum ResolveSupport ResolveSupport;
|
||||
typedef enum DnssecMode DnssecMode;
|
||||
typedef enum DnsOverTlsMode DnsOverTlsMode;
|
||||
typedef enum DnsOverHttpsMode DnsOverHttpsMode;
|
||||
|
||||
/* Do not change the order, see link_get_llmnr_support() or link_get_mdns_support(). */
|
||||
enum ResolveSupport {
|
||||
|
@ -70,9 +71,21 @@ enum DnsOverTlsMode {
|
|||
_DNS_OVER_TLS_MODE_INVALID = -EINVAL,
|
||||
};
|
||||
|
||||
enum DnsOverHttpsMode {
|
||||
/* No connection is made for DNS-over-HTTPS */
|
||||
DNS_OVER_HTTPS_NO,
|
||||
|
||||
/* Enforce DNS-over-HTTPS */
|
||||
DNS_OVER_HTTPS_YES,
|
||||
|
||||
_DNS_OVER_HTTPS_MODE_MAX,
|
||||
_DNS_OVER_HTTPS_MODE_INVALID = -EINVAL,
|
||||
};
|
||||
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_https_mode);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_dns_cache_mode);
|
||||
|
||||
const char* resolve_support_to_string(ResolveSupport p) _const_;
|
||||
|
@ -84,6 +97,9 @@ DnssecMode dnssec_mode_from_string(const char *s) _pure_;
|
|||
const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
|
||||
DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;
|
||||
|
||||
const char* dns_over_https_mode_to_string(DnsOverHttpsMode p) _const_;
|
||||
DnsOverHttpsMode dns_over_https_mode_from_string(const char *s) _pure_;
|
||||
|
||||
bool dns_server_address_valid(int family, const union in_addr_union *sa);
|
||||
|
||||
const char* dns_cache_mode_to_string(DnsCacheMode p) _const_;
|
||||
|
|
|
@ -98,15 +98,17 @@ static int delete_dm(DeviceMapper *m) {
|
|||
assert(major(m->devnum) != 0);
|
||||
assert(m->path);
|
||||
|
||||
fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
|
||||
if (fd < 0)
|
||||
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
|
||||
else {
|
||||
(void) sync_with_progress(fd);
|
||||
fd = safe_close(fd);
|
||||
}
|
||||
|
||||
fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
|
||||
if (fd < 0)
|
||||
return -errno;
|
||||
|
||||
_cleanup_close_ int block_fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
|
||||
if (block_fd < 0)
|
||||
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
|
||||
else
|
||||
(void) sync_with_progress(block_fd);
|
||||
return log_debug_errno(errno, "Failed to open /dev/mapper/control: %m");
|
||||
|
||||
return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
|
||||
.version = {
|
||||
|
|
|
@ -211,10 +211,8 @@ static int sync_making_progress(unsigned long long *prev_dirty) {
|
|||
continue;
|
||||
|
||||
errno = 0;
|
||||
if (sscanf(line, "%*s %llu %*s", &ull) != 1) {
|
||||
log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field, ignoring: %m");
|
||||
return false;
|
||||
}
|
||||
if (sscanf(line, "%*s %llu %*s", &ull) != 1)
|
||||
return log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field: %m");
|
||||
|
||||
val += ull;
|
||||
}
|
||||
|
|
|
@ -960,10 +960,13 @@ exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ {{ s/^.*=/
|
|||
|
||||
# wait until devices got created
|
||||
for _ in range(50):
|
||||
out = subprocess.check_output(['ip', 'a', 'show', 'dev', self.if_router])
|
||||
if b'state UP' in out and b'scope global' in out:
|
||||
if subprocess.run(['ip', 'link', 'show', 'dev', self.if_router],
|
||||
stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode == 0:
|
||||
break
|
||||
time.sleep(0.1)
|
||||
else:
|
||||
subprocess.call(['ip', 'link', 'show', 'dev', self.if_router])
|
||||
self.fail('Timed out waiting for {ifr} created.'.format(ifr=self.if_router))
|
||||
|
||||
def shutdown_iface(self):
|
||||
'''Remove test interface and stop DHCP server'''
|
||||
|
|
|
@ -13,11 +13,12 @@
|
|||
|
||||
d /run/lock 0755 root root -
|
||||
L /var/lock - - - - ../run/lock
|
||||
|
||||
{% if HAVE_SYSV_COMPAT %}
|
||||
{% if CREATE_LOG_DIRS %}
|
||||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||
{% endif %}
|
||||
|
||||
{% if HAVE_SYSV_COMPAT %}
|
||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||
# hence without use on SysV-less systems.
|
||||
d /run/lock/subsys 0755 root root -
|
||||
|
|